Skip to content

Commit 95f4004

Browse files
doserazeripath
andauthored
Extend the fail2ban instructions with a hint on how to make X-Real-IP… (#16446)
Following the merging of #14959 - Gitea is a lot more strict regarding the interpretation of `X-Real-IP` and `X-Forwarded-For` headers. This PR updates the fail2ban documentation to include hints to set: `REVERSE_PROXY_TRUSTED_PROXIES` and `REVERSE_PROXY_LIMIT` appropriately. See discussion in #16443 Co-authored-by: zeripath <[email protected]>
1 parent 7b31aae commit 95f4004

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

docs/content/doc/usage/fail2ban-setup.en-us.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,3 +108,12 @@ this to your Nginx configuration so that IPs don't show up as 127.0.0.1:
108108
```
109109
proxy_set_header X-Real-IP $remote_addr;
110110
```
111+
112+
The security options in `app.ini` need to be adjusted to allow the interpretation of the headers
113+
as well as the list of IP addresses and networks that describe trusted proxy servers
114+
(See the [configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security) for more information).
115+
116+
```
117+
REVERSE_PROXY_LIMIT = 1
118+
REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.1/8 ; 172.17.0.0/16 for the docker default network
119+
```

0 commit comments

Comments
 (0)